QUESTION 178Which three statements about the Cisco IPS sensor are true? (Choose three.)

A. You cannot pair a VLAN with itself.B. For a given sensing interface, an interface used in a VLAN pair can be a member of another inline interface pair.C. For a given sensing interface, a VLAN can be a member of only one inline VLAN pair, however, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.D. The order in which you specify the VLANs in a inline pair is significant.E. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

Answer: ACEExplanation:Inline VLAN Interface PairsYou cannot pair a VLAN with itself.For a given sensing interface, a VLAN can be a member of only one inline VLAN pair. However, a given VLAN can be a member of an inline VLAN pair on more than one sensing interface.The order in which you specify the VLANs in an inline VLAN pair is not significant. A sensing interface in inline VLAN pair mode can have from 1 to 255 inline VLAN pairs.

A. It can connect to PIM-SM and PIM-DM domainsB. It announces multicast sources from a groupC. The DR sends source data to the rendezvous point only at the time the source becomes activeD. It can connect only to PIM-DM domainsE. It registers multicast sources with the rendezvous point of a domainF. It allows domains to discover multicast sources in the same or different domains.

Answer: BEF

QUESTION 181What are two advantages of NBAR2 over NBAR? (Choose two)

A. Only NBAR2 support Flexible NetFlow for extracting and exporting fields from the packet header.B. Only NBAR2 allows the administrator to apply individual PDL files.C. Only NBAR2 support PDLM to support new protocals.D. Only NBAR2 can use Sampled NetFlow to extract pre-defined packet headers for reporting.E. Only NBAR2 supports custom protocols based on HTTP URLs.

A. It requires a standard ACL on the switch portB. It conflicts with auto-configurationC. It allows you to configure redundant links between authenticator and supplicant switchesD. It supports port-based authentication on the authenticator switchE. It can be configured on both access ports and trunk portsF. It can be configured on both access ports and EtherChannel ports

Answer: DE

QUESTION 183What are three pieces of data you should review in response to a suspected SSL MITM attack? (Choose three)

A. The IP address of the SSL serverB. The X.509 certificate of the SSL serverC. The MAC address of the attackerD. The MAC address of the SSL serverE. The X.509 certificate of the attackerF. The DNS name off the SSL server

Answer: ABF

QUESTION 184From what type of server can you to transfer files to ASA’s internal memory ?

A. SSHB. SFTPC. NetlogonD. SMB

Answer: D

QUESTION 186Which feature can you implement to protect against SYN-flooding DoS attacks?

QUESTION 187Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF) from dropping asymmetric traffic?

QUESTION 188Refer to the exhibit. Which effect of this Cisco ASA policy map is true?

A. The Cisco ASA is unable to examine the TLS session.B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.C. it prevents a STARTTLS session from being established.D. The Cisco ASA logs SMTP sessions in clear text.

Answer: DExplanation:http://www.cisco.com/c/en/us/about/security-center/intelligence/asa-esmtp-starttls.html#interacthttps://stomp.colorado.edu/blog/blog/2012/12/31/on-smtp-starttls-and-the-cisco-asa/And in RFC 3207 that governs this TLS negotiation is said that ” If the SMTP client decides that the level of authentication or privacy is not high enough for it to continue, it SHOULD issue an SMTP QUIT command immediately after the TLS negotiation is complete. If the SMTP server decides that the level of authentication or privacy is not high enough for it to continue, it SHOULD reply to every SMTP command from the client (other than a QUIT command) with the 554 reply code (with a possible text string such as “Command refused due to lack of security”).” Hence it is the client that sends QUIT command, not the serverThis is an example of ASA logging an SMTP session that was established using TLS:Mar 07 2017 19:40:04: %ASA-6-108007: TLS started on ESMTP session between client outside:98.139.212.154/45850 and server inside:192.168.1.12/25

QUESTION 189What security element must an organization have in place before it can implement a security audit and validate the audit results?